D4 Privacy Policy

D4 PRIVACY POLICY 1.7 April 10, 2018

D4 LLC is a limited liability corporation organized under the laws of the State of New York, USA. D4 LLC (“D4”) is engaged in the businesses of information and data management and eDiscovery and litigation support services.

DEFINITIONS:

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“D4 Customer” is a D4 customer which pays D4 for its services. Customers are primarily law firms and corporate law departments who engage D4 for computer forensic services, digital investigations, and for the processing, hosting, analysis, sand production of electronically stored information (ESI) in litigations, investigations, and corporate transactions. In the course of this work, D4 collects or receives information from individuals and corporations in the US and globally, including in the European Union.

“Data Subject” is an identifiable natural person.

“Human resources data” refers to personal information of EU employees collected in the context of the employment relationship that is transferred into the United States. More information about Human Resources Data as it relates to the Privacy Shield may be found at https://www.privacyshield.gov/article?id=9-Human-Resources-Data

“Personal data” and “personal information” are data about a “data subject”, an identified or identifiable individual that is within the scope of the EU Privacy Directive and the Swiss Federal Data Protection Act, received by an organization in the United States from the European Union and/or Switzerland, and recorded in any form.

“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Sensitive personal data” is data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information concerning the sex life of an individual.

“Third Party” is an individual or organization to whom D4 may transfer personal data or personal information. A third party may be an individual, organization, law firm, or governmental organization.

HOW D4 USES DATA PROVIDED THROUGH ITS WEBSITE

D4 operates a website at www.d4discovery.com. You may browse non-password-protected sections of the D4 website without providing us with personal information. D4 does not collect personal information such as email address when you browse. However, your browser may provide us with certain information about your computer’s browser type, operating system and IP address, your access date and time, and your referring and exiting URLs.

To access certain content on the D4 website, or to register for D4 events or to sign up for D4 publications, or to apply for employment online, D4 asks that you register on the website. Registration includes name, address, telephone number, email address, organization, and some information about your role and your organization. You may choose not to provide this information and therefore not access certain content, register for events or publications, or apply online for employment. The website provides further information for you to do these things by calling or mailing us.

D4 web servers place a small data file or "cookie" on the hard drive of your computer when you first connect to the D4 site. The cookie allows D4 to recognize your computer, on return visits, to study website traffic patterns, to improve our website, and to improve and develop the services that we provide.

D4 uses “web beacons” (also known as Internet tags, pixel tags and clear GIFs) that allow D4 to collect web log information. A web beacon is a graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. The Using these, the website recognizes some non-personal information, such as the date and time you visited our site, the pages you visited, the type of browser you are using, and the type of operating system you are using, D4 may also include web beacons in promotional e-mail messages in order to determine whether messages have been opened.

D4 web servers place a small data file or "cookie" on the hard drive of your computer when you first connect to the D4 site. The cookie allows D4 to recognize your computer, on return visits, to study website traffic patterns, to improve our website, and to improve and develop the services that we provide.

D4 does not track its users over time or across third party websites and therefore does not respond to Do Not Track (DNT) signals.

The information that is provided to D4 when you browse our website is used by D4 solely for internal purposes including evaluation of site use, assessment of site performance, improvement of site content, improvement and development of D4 products and services. D4 does not use this information to target individuals for marketing unless you register on our website.

When you register on the D4 website for a particular purpose, D4 uses your information for the purposes for which it was provided, which may include contacting you and providing you with the information that you have requested. You may opt out of further communication by using website or email links or by contacting marketing@d4discovery.com.

D4 does not use cookies or otherwise to collect or share or distribute information to third parties for marketing or any other purposes. We may disclose information we receive through the website if required by legal process.

D4 may transfer information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to try to require that the transferee use information you have provided through this website in a manner that is consistent with a website privacy notice.

HOW D4 USES INFORMATION PROVIDED BY ITS CUSTOMERS

D4 collects or receives emails and files from D4 Customers and from Data Subjects or business organizations that are provided legal representation by D4 Customers. The emails and files themselves may contain, business data, Personal Data and Sensitive Personal Data, including Human Resources Data.

D4 uses this data solely to support the litigation or investigation it was engaged to support. The data may be viewed by attorneys who determine whether the data may be used as evidence in a US litigation or investigation. Portions of the data may be selected for Onward Transfer to Third Parties who have requested that information in the course of a litigation or investigation. Data may be used as exhibits in depositions or trials and may become part of US federal or state court records.

D4 may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

D4 collects or receives emails and files from D4 Customers and from Data Subjects or business organizations that are provided legal representation by D4 Customers. The emails and files themselves may contain, business data, Personal Data and Sensitive Personal Data, including Human Resources Data.

D4 uses this data solely to support the litigation or investigation it was engaged to support. The data may be viewed by attorneys who determine whether the data may be used as evidence in a US litigation or investigation. Portions of the data may be selected for Onward Transfer to Third Parties who have requested that information in the course of a litigation or investigation. Data may be used as exhibits in depositions or trials and may become part of US federal or state court records.

D4 may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

COMMITMENT TO EU-US and SWISS-US PRIVACY SHIELD

D4 commits to comply with the EU-US and the Swiss-US Privacy Shield Principles. D4 commits to respect the privacy concerns and regulations of any nation in which it or its clients may operate.

D4 complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. D4 has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy shield program, and to view our certification page, please visit https://www.privacyshield.gov/

D4 is subject to the investigatory and enforcement authority of the US Federal Trade Commission (FTC)

ACCESS, CHOICE, DATA INTEGRITY, SCOPE, AND DURATION

You have the right to access your personal data, and the right to be informed of the scope, purposes and duration for which your personal data is being collected or used. To exercise that right, please contact the corporate officer or representative whose name, address, phone and email address appear below, or contact privacy@d4discovery.com. For access, a D4 representative will make available to you an inventory, view or copy of the data we have in our possession within five business days. For information about scope, purpose and duration of data collected on behalf of a D4 Customer, D4 will acknowledge your request within 48 hours of its receipt, will contact the D4 Customer on whose behalf the data was collected, and will respond within five business days.

You have the right to opt in or opt out of data being collected, whether collection is through our website or through a D4 Customer transaction. To exercise that right, please contact the corporate officer or representative whose name, address, phone and email address appear below, or contact privacy@d4discovery.com. If the data was collected in the course of a D4 Customer transaction, D4 will acknowledge your request and will notify the D4 Customer of your request within two business days of receipt of your notification. Actual time for completion of your opt-out may depend on the timetable of the D4 Customer transaction as of the date of your request but in no event will exceed 45 days. If the data was collected through the D4 website, a D4 representative will arrange for the appropriate inclusion or deletion and further opt-out requirements within five business days of receipt of your notification.

ONWARD TRANSFERS

A Third Party may be a D4 Customer or an agent of the D4 Customer who is assisting the D4 customer in the litigation or investigation. A Third Party may be another party to the litigation or investigation, and may include an opposing party organization or individual or governmental entity, or an agent of such who is assisting that party in the conduct of the litigation.

A Third Party may be an information security or compliance specialist who inspects and tests D4’s data operations for security and for compliance with various security regulations and standards.

A Third Party may also be an individual or organization who is a purchaser of D4 or otherwise a successor in interest. In cases of onward transfer to third parties of data of EU and/or Swiss individuals received pursuant to the EU-US or Swiss-US Privacy Shield, D4 is potentially liable.

In any onward transfer of personal information pursuant to these policies, D4 ensures that the onward transferee has copies of D4’s policies and procedures of its own privacy requirements for that particular matter, is compliant with the EU-US and Swiss-US Privacy Shield, subjects itself by contract to the same requirements of notice, choice, transparency, security, data integrity, onward transfer, complaint and enforcement, and/or undertakes an appropriate contract with legal enforceability in the US. Included in any contract, D4 seeks to ensure that it contains requirements for the transferee to notice D4 and the data subject should it be unable to meet its requirements under these policies. In situations in which an onward transferee cannot meet its continuing requirements, D4 seeks to regain control or other methods to retain compliance with these policies

You have the right to opt in or opt out of an onward transfer of your data, whether the collection is through our website or through a D4 Customer transaction. To exercise that right, please contact the corporate officer or representative whose name, address, phone and email address appear below, or contact privacy@d4discovery.com. If the data was collected in the course of a D4 Customer transaction, D4 will acknowledge your request and will notify the D4 Customer of your request within two business days of receipt of your notification. If the data was collected through the D4 website, a D4 representative will arrange for the appropriate inclusion or deletion and further opt-out requirements within five business days of receipt of your notification.

We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

RESOLUTION OF DISPUTES

If you make an inquiry or complaint to D4 with respect to the EU-US or Swiss-US Privacy Shield, D4 agrees to respond to you within 45 days. There is no cost to request information or resolve an issue. If you are not satisfied with the inquiry or response, you have a means for independent recourse for further investigation and resolution. In compliance with the Privacy Shield Principles, D4 commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact D4 at John Rubens, Chief Operating Officer, D4, 222 Andrews Street, Rochester, NY 14604 jrubens@d4discovery.com or privacy@d4discovery.com

INDEPENDENT RECOURSE MECHANISMS FOR NON-HUMAN RESOURCES DATA

D4 has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Finally and as a last resort in limited circumstances, EU or Swiss individuals with unresolved complaints may seek binding arbitration before a Privacy Shield Panel.

INDEPENDENT RECOURSE MECHANISMS FOR HUMAN RESOURCES DATA

EU individuals whose HR data we receive can first address questions or comments regarding the handling of that information directly to us at (provide contact info here or refer to it in another part of your document). We resolve to deal with all questions regarding this data and potential grievances arising from it in a timely manner. Note that under certain conditions we may, as a data processor, have to refer you to our client who is the data controller.

D4 operates a formal Change Control Board consisting of individuals from every aspect of D4’s management and operations. These principles and procedures are submitted to D4’s Change Control Board as of the date below.